package jdbc;
import org.junit.Test;
import java.sql.*;
import java.sql.Date;
import java.util.*;

/**
 * Created by kevin on 2020/3/23.
 */
public class Demo3 {
    public boolean login(String name,String password){
        /**
         * 一、Connection
         * 二、Statement
         * 三、ResultSet
         */
        Connection connection = null;
        Statement statement = null;
        ResultSet resultSet = null;
        try {
            String driverClassName = "com.mysql.cj.jdbc.Driver";
            String url = "jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC";
            String mysqlUserName="root";
            String mysqlPassword="mysql";
            Class.forName(driverClassName);
            connection = DriverManager.getConnection(url,mysqlUserName,mysqlPassword);
            statement = connection.createStatement();
            String sql = "select * from stu WHERE name = '"+name+"'and password = '"+password+"'";
            resultSet = statement.executeQuery(sql);
            return resultSet.next();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                if(resultSet!=null){
                    resultSet.close();
                }
                if(statement!=null){
                    statement.close();
                }
                if(connection!=null){
                    connection.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        return false;
    }

    public boolean login2(String name,String password){
        /**
         * 一、Connection
         * 二、Statement
         * 三、ResultSet
         */
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            String driverClassName = "com.mysql.cj.jdbc.Driver";
            String url = "jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC";
            String mysqlUserName="root";
            String mysqlPassword="mysql";
            Class.forName(driverClassName);
            connection = DriverManager.getConnection(url,mysqlUserName,mysqlPassword);
//            statement = connection.createStatement();
//            String sql = "select * from Stu WHERE name = '"+name+"'and password = '"+password+"'";
//            resultSet = statement.executeQuery(sql);
            /**
             * PrepareStatement 方式
             * 1.给出sql模板:所有的参数使用?来替代
             * 2.调用Connection方法得到PrepareStatement
             */
            String sql = "select * from stu WHERE name = ? and password = ? ";
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setString(1,name);
            preparedStatement.setString(2,password);
            resultSet = preparedStatement.executeQuery();
            return resultSet.next();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                if(resultSet!=null){
                    resultSet.close();
                }
                if(preparedStatement!=null){
                    preparedStatement.close();
                }
                if(connection!=null){
                    connection.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        return false;
    }

    @Test
    public void fun1(){
        String userName= "张三";
        String password="111111";
        String userName2= "错名' or 'a'='a";
        String password2="错密码' or 'a'='a";
        //正常输入
        System.out.println(login2(userName,password));
        //sql注入越过正常逻辑判断
        System.out.println(login2(userName2,password2));
    }

    @Test
    public void fun2() throws Exception{
      Connection connection = JdbcUtils.getConnection();
        System.out.println(connection.getClass().getName());
    }

    public static void main(String[] args) {

    }
}
